﻿<?php
// Resume the session; the login gate below reads $_SESSION["islogin"] and
// $_SESSION["managername"] from it.
// NOTE(review): this file appears to start with a UTF-8 byte-order mark ahead
// of the opening PHP tag. Those bytes are sent as output before session_start()
// runs, so unless output buffering is enabled the session cookie header cannot
// be sent. Save the file without a BOM.
session_start();
// Presumably defines the $cfg_db* connection settings used further down;
// nothing else in this file assigns them.
require_once 'config.php';
/**
 * Double every single quote in $str and return the result.
 *
 * This is the only transformation applied. Backslashes and every other byte
 * pass through unchanged, and MySQL treats a backslash inside a string
 * literal as an escape character unless NO_BACKSLASH_ESCAPES is enabled.
 * The return value is therefore not safe to splice into a quoted SQL
 * literal; pass values as bound parameters instead.
 *
 * @param mixed $str Value handed to str_replace() as the subject.
 * @return mixed $str with each ' replaced by ''.
 */
function check($str){
    $quote = "'";
    $doubled = $quote.$quote;
    return str_replace($quote, $doubled, $str);
}
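/**
 * Print the alert-and-redirect snippet this page uses for every outcome and
 * stop the request.
 *
 * Both arguments are written into the script unescaped, so callers must pass
 * fixed literals only, never request or database data.
 *
 * @param string $message Text shown in the alert box.
 * @param string $target  URL assigned to location.href.
 */
function pwdedit_finish($message, $target){
    echo "<script language=JavaScript>\r\n";
    echo "alert('".$message."');\r\n";
    echo "location.href='".$target."'\r\n";
    echo "</script>";
    // Stopping here matters: without it a failed validation would fall
    // through to the queries below and the password would still be changed.
    exit;
}

/**
 * Read one POST field as a string; a missing or non-string (array) field
 * counts as empty.
 *
 * @param string $key Field name in $_POST.
 * @return string
 */
function pwdedit_post_string($key){
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Gate: only a session that carries the logged-in marker and an account name
// may change a password.
$admin = isset($_SESSION["managername"]) ? (string)$_SESSION["managername"] : '';
if(!isset($_SESSION["islogin"]) || $_SESSION["islogin"]!=='igiveyouthepower' || $admin===''){
    pwdedit_finish('请先登录!', '/manage_login.html');
}

// Raw values are kept as submitted; they reach SQL only as bound parameters,
// so check()'s quote doubling is not applied (it would alter the stored value).
$jpwd = pwdedit_post_string("jpwd");
$pwd1 = pwdedit_post_string("pwd1");
$pwd2 = pwdedit_post_string("pwd2");

if($jpwd===''||$pwd1===''||$pwd2===''){
    pwdedit_finish('请填写完整再提交!', 'pwdedit.php');
}
if($pwd1!==$pwd2){
    pwdedit_finish('两次新密码输入不一致!', 'pwdedit.php');
}

// Check return values ourselves instead of relying on the PHP-version-dependent
// default (newer PHP versions throw from mysqli on failure).
mysqli_report(MYSQLI_REPORT_OFF);
// NOTE(review): the removed mysql_connect() accepted "host:port" in the host
// argument; mysqli_connect() takes the port as a separate argument. Confirm the
// format of $cfg_dbhost in config.php.
$conn = mysqli_connect($cfg_dbhost,$cfg_dbuser,$cfg_dbpwd,$cfg_dbname);
if(!$conn){
    // Generic message only; connection details stay out of the page.
    pwdedit_finish('系统错误,请稍后再试!', 'pwdedit.php');
}

// NOTE(review): adminpass is compared and written exactly as submitted, i.e.
// unhashed as far as this file shows. Moving to password_hash()/password_verify()
// requires changing the login handler and migrating existing rows together,
// so it is not done here.
$lookup = mysqli_prepare($conn, "select admin from ph_admin where admin=? and adminpass=?");
if(!$lookup){
    pwdedit_finish('系统错误,请稍后再试!', 'pwdedit.php');
}
mysqli_stmt_bind_param($lookup, 'ss', $admin, $jpwd);
if(!mysqli_stmt_execute($lookup)){
    pwdedit_finish('系统错误,请稍后再试!', 'pwdedit.php');
}
// Buffer the result so the row count is available.
mysqli_stmt_store_result($lookup);
$matches = mysqli_stmt_num_rows($lookup);
mysqli_stmt_close($lookup);

if($matches<1){
    pwdedit_finish('原密码输入错误!', 'pwdedit.php');
}

$update = mysqli_prepare($conn, "update ph_admin set adminpass=? where admin=?");
if(!$update){
    pwdedit_finish('系统错误,请稍后再试!', 'pwdedit.php');
}
mysqli_stmt_bind_param($update, 'ss', $pwd1, $admin);
$saved = mysqli_stmt_execute($update);
mysqli_stmt_close($update);
if(!$saved){
    // Do not report success when the write did not happen.
    pwdedit_finish('系统错误,请稍后再试!', 'pwdedit.php');
}
pwdedit_finish('修改成功!', 'pwdedit.php');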
?>